What i am asking is the higher-level purpose of the signature.
... some examples might be: ...
3. the signature specifies that the message is not spam
My main interest in mailsig is #3.
I'm afraid you're out of luck. Spammers can sign messages just as
well as anyone else. Ciphertrust says that significantly more spam
than legit mail now passes SPF. If you want to do not-spam semantics,
they you're going to need some sort of certifying authority that only
gives keys to people who don't spam, but I think that history tells us
that any authority that issued enough keys to be of interest would
issue enough keys that some of them would turn out to be issued to
I don't see how a signature can do more than fix the blame, "we assert
that we sent this mail so if you have a problem with it, you can
contact us about it." For the example of the mailing list, it says
that the message really is from the mailing list, but it doesn't say
anything about how the message got to the mailing list. If the
mailing list somehow lets spam leak onto the list, that spam can be
and should be signed by the list, and recipients can decide whether
they still want to get mail from that list.